2012-11-08 15:30:20 -04:00
|
|
|
<?php
|
|
|
|
|
|
2017-08-04 09:32:25 -04:00
|
|
|
use ProcessMaker\Plugins\PluginRegistry;
|
|
|
|
|
|
2012-11-08 15:30:20 -04:00
|
|
|
/**
|
2012-11-20 17:48:54 -04:00
|
|
|
* sysGeneric - ProcessMaker Bootstrap
|
2012-11-08 15:30:20 -04:00
|
|
|
* this file is used initialize main variables, redirect and dispatch all requests
|
|
|
|
|
*/
|
2012-11-12 14:44:44 -04:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
// Defining the PATH_SEP constant, he we are defining if the the path separator symbol will be '\\' or '/'
|
|
|
|
|
define('PATH_SEP', '/');
|
|
|
|
|
|
|
|
|
|
// Defining the Home Directory
|
|
|
|
|
$realdocuroot = str_replace('\\', '/', $_SERVER['DOCUMENT_ROOT']);
|
|
|
|
|
$docuroot = explode(PATH_SEP, $realdocuroot);
|
|
|
|
|
|
|
|
|
|
array_pop($docuroot);
|
|
|
|
|
$pathhome = implode(PATH_SEP, $docuroot) . PATH_SEP;
|
|
|
|
|
|
|
|
|
|
// try to find automatically the trunk directory where are placed the RBAC and Gulliver directories
|
|
|
|
|
// in a normal installation you don't need to change it.
|
|
|
|
|
array_pop($docuroot);
|
|
|
|
|
$pathTrunk = implode(PATH_SEP, $docuroot) . PATH_SEP;
|
|
|
|
|
|
|
|
|
|
array_pop($docuroot);
|
|
|
|
|
$pathOutTrunk = implode(PATH_SEP, $docuroot) . PATH_SEP;
|
|
|
|
|
|
|
|
|
|
define('PATH_HOME', $pathhome);
|
|
|
|
|
define('PATH_TRUNK', $pathTrunk);
|
|
|
|
|
define('PATH_OUTTRUNK', $pathOutTrunk);
|
|
|
|
|
// Including these files we get the PM paths and definitions (that should be just one file.
|
|
|
|
|
require_once $pathhome . PATH_SEP . 'engine' . PATH_SEP . 'config' . PATH_SEP . 'paths.php';
|
|
|
|
|
require_once PATH_CORE . 'classes' . PATH_SEP . 'class.system.php';
|
|
|
|
|
|
|
|
|
|
// starting session
|
|
|
|
|
$timelife = ini_get('session.gc_maxlifetime');
|
|
|
|
|
if (is_null($timelife)) {
|
|
|
|
|
$timelife = 1440;
|
|
|
|
|
}
|
|
|
|
|
ini_set('session.gc_maxlifetime', $timelife);
|
|
|
|
|
ini_set('session.cookie_lifetime', $timelife);
|
|
|
|
|
session_start();
|
|
|
|
|
|
|
|
|
|
$config = PmSystem::getSystemConfiguration();
|
|
|
|
|
|
|
|
|
|
//$e_all = defined('E_DEPRECATED') ? E_ALL & ~E_DEPRECATED : E_ALL;
|
|
|
|
|
//$e_all = defined('E_STRICT') ? $e_all & ~E_STRICT : $e_all;
|
|
|
|
|
//$e_all = $config['debug'] ? $e_all : $e_all & ~E_NOTICE;
|
|
|
|
|
//$e_all = E_ALL & ~ E_DEPRECATED & ~ E_STRICT & ~ E_NOTICE & ~E_WARNING;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$filter = new InputFilter();
|
|
|
|
|
$config['display_errors'] = $filter->validateInput($config['display_errors']);
|
|
|
|
|
$config['error_reporting'] = $filter->validateInput($config['error_reporting']);
|
|
|
|
|
$config['wsdl_cache'] = $filter->validateInput($config['wsdl_cache'], 'int');
|
|
|
|
|
$config['time_zone'] = $filter->validateInput($config['time_zone']);
|
|
|
|
|
// Do not change any of these settings directly, use env.ini instead
|
|
|
|
|
ini_set('display_errors', $filter->validateInput($config['display_errors']));
|
|
|
|
|
ini_set('error_reporting', $filter->validateInput($config['error_reporting']));
|
|
|
|
|
ini_set('short_open_tag', 'On');
|
|
|
|
|
ini_set('default_charset', "UTF-8");
|
|
|
|
|
ini_set('soap.wsdl_cache_enabled', $config['wsdl_cache']);
|
|
|
|
|
ini_set('date.timezone',
|
|
|
|
|
(isset($_SESSION['__SYSTEM_UTC_TIME_ZONE__']) && $_SESSION['__SYSTEM_UTC_TIME_ZONE__']) ? 'UTC' : $config['time_zone']); //Set Time Zone
|
|
|
|
|
|
|
|
|
|
define('DEBUG_SQL_LOG', $config['debug_sql']);
|
|
|
|
|
define('DEBUG_TIME_LOG', $config['debug_time']);
|
|
|
|
|
define('DEBUG_CALENDAR_LOG', $config['debug_calendar']);
|
|
|
|
|
define('MEMCACHED_ENABLED', $config['memcached']);
|
|
|
|
|
define('MEMCACHED_SERVER', $config['memcached_server']);
|
|
|
|
|
define('TIME_ZONE', ini_get('date.timezone'));
|
|
|
|
|
|
|
|
|
|
// IIS Compatibility, SERVER_ADDR doesn't exist on that env, so we need to define it.
|
|
|
|
|
$_SERVER['SERVER_ADDR'] = isset($_SERVER['SERVER_ADDR']) ? $_SERVER['SERVER_ADDR'] : $_SERVER['SERVER_NAME'];
|
|
|
|
|
|
|
|
|
|
//to do: make different environments. sys
|
|
|
|
|
|
|
|
|
|
define('ERROR_SHOW_SOURCE_CODE',
|
|
|
|
|
true); // enable ERROR_SHOW_SOURCE_CODE to display the source code for any WARNING OR NOTICE
|
|
|
|
|
//define ( 'ERROR_LOG_NOTICE_ERROR', true ); //enable ERROR_LOG_NOTICE_ERROR to log Notices messages in default apache log
|
|
|
|
|
|
|
|
|
|
//check if it is a installation instance
|
|
|
|
|
if (!defined('PATH_C')) {
|
2012-11-20 17:48:54 -04:00
|
|
|
// is a intallation instance, so we need to define PATH_C and PATH_LANGUAGECONT constants temporarily
|
|
|
|
|
define('PATH_C', (rtrim(G::sys_get_temp_dir(), PATH_SEP) . PATH_SEP));
|
2017-12-04 13:25:35 +00:00
|
|
|
define('PATH_LANGUAGECONT', PATH_HOME . 'engine/content/languages/');
|
|
|
|
|
}
|
2012-11-20 17:48:54 -04:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
// defining Virtual URLs
|
|
|
|
|
$virtualURITable = [];
|
|
|
|
|
$virtualURITable['/plugin/(*)'] = 'plugin';
|
|
|
|
|
$virtualURITable['/(sys*)/(*.js)'] = 'jsMethod';
|
|
|
|
|
$virtualURITable['/js/(*)'] = PATH_GULLIVER_HOME . 'js/';
|
|
|
|
|
$virtualURITable['/jscore/(*)'] = PATH_CORE . 'js/';
|
2012-11-20 17:48:54 -04:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
if (defined('PATH_C')) {
|
2012-11-20 17:48:54 -04:00
|
|
|
$virtualURITable['/jsform/(*.js)'] = PATH_C . 'xmlform/';
|
2017-12-04 13:25:35 +00:00
|
|
|
$virtualURITable['/extjs/(*)'] = PATH_C . 'ExtJs/';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$virtualURITable['/htmlarea/(*)'] = PATH_THIRDPARTY . 'htmlarea/';
|
|
|
|
|
$virtualURITable['/sys[a-zA-Z][a-zA-Z0-9]{0,}()/'] = 'sysNamed';
|
|
|
|
|
$virtualURITable['/(sys*)'] = false;
|
|
|
|
|
$virtualURITable['/errors/(*)'] = PATH_GULLIVER_HOME . 'methods/errors/';
|
|
|
|
|
$virtualURITable['/gulliver/(*)'] = PATH_GULLIVER_HOME . 'methods/';
|
|
|
|
|
$virtualURITable['/controls/(*)'] = PATH_GULLIVER_HOME . 'methods/controls/';
|
|
|
|
|
$virtualURITable['/html2ps_pdf/(*)'] = PATH_THIRDPARTY . 'html2ps_pdf/';
|
|
|
|
|
$virtualURITable['/images/'] = 'errorFile';
|
|
|
|
|
$virtualURITable['/skins/'] = 'errorFile';
|
|
|
|
|
$virtualURITable['/files/'] = 'errorFile';
|
|
|
|
|
$virtualURITable['/[a-zA-Z][a-zA-Z0-9]{0,}()'] = 'sysUnnamed';
|
|
|
|
|
$virtualURITable['/rest/(*)'] = 'rest-service';
|
|
|
|
|
$virtualURITable['/update/(*)'] = PATH_GULLIVER_HOME . 'methods/update/';
|
|
|
|
|
$virtualURITable['/(*)'] = PATH_HTML;
|
|
|
|
|
|
|
|
|
|
$isRestRequest = false;
|
|
|
|
|
|
|
|
|
|
// Verify if we need to redirect or stream the file, if G:VirtualURI returns true means we are going to redirect the page
|
|
|
|
|
if (G::virtualURI($_SERVER['REQUEST_URI'], $virtualURITable, $realPath)) {
|
2012-11-20 17:48:54 -04:00
|
|
|
// review if the file requested belongs to public_html plugin
|
2017-12-04 13:25:35 +00:00
|
|
|
if (substr($realPath, 0, 6) == 'plugin') {
|
|
|
|
|
// Another way to get the path of Plugin public_html and stream the correspondent file, By JHL Jul 14, 08
|
|
|
|
|
// TODO: $pathsQuery will be used?
|
|
|
|
|
$pathsQuery = '';
|
|
|
|
|
// Get the query side
|
|
|
|
|
// Did we use this variable $pathsQuery for something??
|
|
|
|
|
$forQuery = explode("?", $realPath);
|
|
|
|
|
if (isset($forQuery[1])) {
|
|
|
|
|
$pathsQuery = $forQuery[1];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//Get that path in array
|
|
|
|
|
$paths = explode(PATH_SEP, $forQuery[0]);
|
|
|
|
|
//remove the "plugin" word from
|
|
|
|
|
$paths[0] = substr($paths[0], 6);
|
|
|
|
|
//Get the Plugin Folder, always the first element
|
|
|
|
|
$pluginFolder = array_shift($paths);
|
|
|
|
|
//The other parts are the realpath into public_html (no matter how many elements)
|
|
|
|
|
$filePath = implode(PATH_SEP, $paths);
|
|
|
|
|
$pluginFilename = PATH_PLUGINS . $pluginFolder . PATH_SEP . 'public_html' . PATH_SEP . $filePath;
|
|
|
|
|
|
|
|
|
|
if (file_exists($pluginFilename)) {
|
|
|
|
|
G::streamFile($pluginFilename);
|
|
|
|
|
}
|
|
|
|
|
die;
|
2012-11-20 17:48:54 -04:00
|
|
|
}
|
2012-11-13 13:48:16 -04:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
$requestUriArray = explode("/", $_SERVER['REQUEST_URI']);
|
|
|
|
|
|
|
|
|
|
if ((isset($requestUriArray[1])) && ($requestUriArray[1] == 'skin')) {
|
|
|
|
|
// This will allow to public images of Custom Skins, By JHL Feb 28, 11
|
|
|
|
|
$pathsQuery = "";
|
|
|
|
|
// Get the query side
|
|
|
|
|
// This way we remove garbage
|
|
|
|
|
$forQuery = explode("?", $realPath);
|
|
|
|
|
if (isset($forQuery[1])) {
|
|
|
|
|
$pathsQuery = $forQuery[1];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//Get that path in array
|
|
|
|
|
$paths = explode(PATH_SEP, $forQuery[0]);
|
|
|
|
|
$fileToBeStreamed = str_replace("/skin/", PATH_CUSTOM_SKINS, $_SERVER['REQUEST_URI']);
|
|
|
|
|
|
|
|
|
|
if (file_exists($fileToBeStreamed)) {
|
|
|
|
|
G::streamFile($fileToBeStreamed);
|
|
|
|
|
}
|
|
|
|
|
die;
|
2012-11-20 17:48:54 -04:00
|
|
|
}
|
|
|
|
|
switch ($realPath) {
|
2017-12-04 13:25:35 +00:00
|
|
|
case 'sysUnnamed' :
|
|
|
|
|
require_once('sysUnnamed.php');
|
|
|
|
|
die;
|
|
|
|
|
break;
|
|
|
|
|
case 'sysNamed' :
|
|
|
|
|
header('location : ' . $_SERVER['REQUEST_URI'] . '/' . SYS_LANG . '/classic/login/login');
|
|
|
|
|
die;
|
|
|
|
|
break;
|
|
|
|
|
case 'jsMethod' :
|
|
|
|
|
G::parseURI(getenv("REQUEST_URI"));
|
|
|
|
|
$filename = PATH_METHODS . SYS_COLLECTION . '/' . SYS_TARGET . '.js';
|
|
|
|
|
G::streamFile($filename);
|
|
|
|
|
die;
|
|
|
|
|
break;
|
|
|
|
|
case 'errorFile':
|
|
|
|
|
header("location: /errors/error404.php?url=" . urlencode($_SERVER['REQUEST_URI']));
|
|
|
|
|
if (DEBUG_TIME_LOG) {
|
|
|
|
|
G::logTimeByPage();
|
|
|
|
|
} //log this page
|
|
|
|
|
die;
|
|
|
|
|
break;
|
|
|
|
|
default :
|
|
|
|
|
if (substr($realPath, 0, 12) == 'rest-service') {
|
|
|
|
|
$isRestRequest = true;
|
|
|
|
|
} else {
|
|
|
|
|
$realPath = explode('?', $realPath);
|
|
|
|
|
$realPath[0] .= strpos(basename($realPath[0]), '.') === false ? '.php' : '';
|
|
|
|
|
G::streamFile($realPath[0]);
|
|
|
|
|
die;
|
|
|
|
|
}
|
2012-11-20 17:48:54 -04:00
|
|
|
}
|
2017-12-04 13:25:35 +00:00
|
|
|
}//virtual URI parser
|
2012-11-20 17:48:54 -04:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
// the request correspond to valid php page, now parse the URI
|
|
|
|
|
G::parseURI(getenv("REQUEST_URI"), $isRestRequest);
|
2012-11-20 17:48:54 -04:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
$arrayUpdating = G::isPMUnderUpdating();
|
|
|
|
|
if ($arrayUpdating['action']) {
|
|
|
|
|
if ($arrayUpdating['workspace'] == "true" || $arrayUpdating['workspace'] == SYS_TEMP) {
|
|
|
|
|
header("location: /update/updating.php");
|
|
|
|
|
if (DEBUG_TIME_LOG) {
|
|
|
|
|
G::logTimeByPage();
|
2016-07-19 13:41:10 -04:00
|
|
|
}
|
2017-12-04 13:25:35 +00:00
|
|
|
die;
|
2016-07-19 13:41:10 -04:00
|
|
|
}
|
2017-12-04 13:25:35 +00:00
|
|
|
}
|
2012-11-20 17:48:54 -04:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
// verify if index.html exists
|
|
|
|
|
if (!file_exists(PATH_HTML . 'index.html')) { // if not, create it from template
|
2012-11-20 17:48:54 -04:00
|
|
|
file_put_contents(
|
2017-12-04 13:25:35 +00:00
|
|
|
PATH_HTML . 'index.html',
|
|
|
|
|
G::parseTemplate(PATH_TPL . "index.html",
|
|
|
|
|
array("lang" => ((defined("SYS_LANG") && SYS_LANG != "") ? SYS_LANG : "en"), "skin" => SYS_SKIN))
|
2012-11-20 17:48:54 -04:00
|
|
|
);
|
2017-12-04 13:25:35 +00:00
|
|
|
}
|
2012-11-20 17:48:54 -04:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
define('SYS_URI', '/sys' . SYS_TEMP . '/' . SYS_LANG . '/' . SYS_SKIN . '/');
|
2012-11-20 17:48:54 -04:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
// defining the serverConf singleton
|
|
|
|
|
if (defined('PATH_DATA') && file_exists(PATH_DATA)) {
|
2012-11-20 17:48:54 -04:00
|
|
|
//Instance Server Configuration Singleton
|
2017-12-04 13:25:35 +00:00
|
|
|
$oServerConf = ServerConf::getSingleton();
|
|
|
|
|
}
|
2017-02-15 16:26:02 +00:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
// Call Gulliver Classes
|
2017-02-15 16:26:02 +00:00
|
|
|
|
2012-11-20 17:48:54 -04:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
// Create headPublisher singleton
|
2017-02-15 16:26:02 +00:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
$oHeadPublisher = headPublisher::getSingleton();
|
2012-11-20 17:48:54 -04:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
//Load filter class
|
2017-02-15 16:26:02 +00:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
$filter = new InputFilter();
|
2015-11-26 20:11:58 -04:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
// Installer, redirect to install if we don't have a valid shared data folder
|
|
|
|
|
if (!defined('PATH_DATA') || !file_exists(PATH_DATA)) {
|
2012-11-08 18:06:09 -04:00
|
|
|
|
2012-11-08 15:30:20 -04:00
|
|
|
// new installer, extjs based
|
2012-11-20 17:48:54 -04:00
|
|
|
define('PATH_DATA', PATH_C);
|
2018-01-08 16:09:45 -04:00
|
|
|
require_once ( PATH_CONTROLLERS . 'InstallerModule.php' );
|
|
|
|
|
$controller = InstallerModule::class;
|
2012-11-12 14:44:44 -04:00
|
|
|
|
2012-11-08 15:30:20 -04:00
|
|
|
// if the method name is empty set default to index method
|
2012-11-20 17:48:54 -04:00
|
|
|
if (strpos(SYS_TARGET, '/') !== false) {
|
2017-12-04 13:25:35 +00:00
|
|
|
list($controller, $controllerAction) = explode('/', SYS_TARGET);
|
|
|
|
|
} else {
|
|
|
|
|
$controllerAction = SYS_TARGET;
|
2012-11-08 15:30:20 -04:00
|
|
|
}
|
2012-11-12 14:44:44 -04:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
$controllerAction = ($controllerAction != '' && $controllerAction != 'login') ? $controllerAction : 'index';
|
2012-11-12 14:44:44 -04:00
|
|
|
|
2012-11-08 15:30:20 -04:00
|
|
|
// create the installer controller and call its method
|
2018-01-08 16:09:45 -04:00
|
|
|
if (is_callable([InstallerModule::class, $controllerAction])) {
|
2012-11-20 17:48:54 -04:00
|
|
|
$installer = new $controller();
|
|
|
|
|
$installer->setHttpRequestData($_REQUEST);
|
|
|
|
|
$installer->call($controllerAction);
|
2012-11-08 15:30:20 -04:00
|
|
|
}
|
2012-11-20 17:48:54 -04:00
|
|
|
else {
|
|
|
|
|
$_SESSION['phpFileNotFound'] = $_SERVER['REQUEST_URI'];
|
|
|
|
|
header ("location: /errors/error404.php?url=" . urlencode($_SERVER['REQUEST_URI']));
|
2012-11-08 15:30:20 -04:00
|
|
|
}
|
2012-11-20 17:48:54 -04:00
|
|
|
die;
|
2017-12-04 13:25:35 +00:00
|
|
|
}
|
2012-11-12 14:44:44 -04:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
// Load Language Translation
|
|
|
|
|
G::LoadTranslationObject(defined('SYS_LANG') ? SYS_LANG : "en");
|
2012-11-20 17:48:54 -04:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
// look for a disabled workspace
|
|
|
|
|
if ($oServerConf->isWSDisabled(SYS_TEMP)) {
|
2012-11-20 17:48:54 -04:00
|
|
|
$aMessage['MESSAGE'] = G::LoadTranslation('ID_DISB_WORKSPACE');
|
2017-12-04 13:25:35 +00:00
|
|
|
$G_PUBLISH = new Publisher;
|
|
|
|
|
$G_PUBLISH->AddContent('xmlform', 'xmlform', 'login/showMessage', '', $aMessage);
|
|
|
|
|
G::RenderPage('publish');
|
2012-11-20 17:48:54 -04:00
|
|
|
die;
|
2017-12-04 13:25:35 +00:00
|
|
|
}
|
2012-11-20 17:48:54 -04:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
// database and workspace definition
|
|
|
|
|
// if SYS_TEMP exists, the URL has a workspace, now we need to verify if exists their db.php file
|
|
|
|
|
if (defined('SYS_TEMP') && SYS_TEMP != '') {
|
2012-11-20 17:48:54 -04:00
|
|
|
//this is the default, the workspace db.php file is in /shared/workflow/sites/SYS_SYS
|
2017-12-04 13:25:35 +00:00
|
|
|
if (file_exists(PATH_DB . SYS_TEMP . '/db.php')) {
|
|
|
|
|
$pathFile = $filter->validateInput(PATH_DB . SYS_TEMP . '/db.php', 'path');
|
|
|
|
|
require_once($pathFile);
|
|
|
|
|
define('SYS_SYS', SYS_TEMP);
|
|
|
|
|
|
|
|
|
|
// defining constant for workspace shared directory
|
|
|
|
|
define('PATH_WORKSPACE', PATH_DB . config("system.workspace") . PATH_SEP);
|
|
|
|
|
// including workspace shared classes -> particularlly for pmTables
|
|
|
|
|
set_include_path(get_include_path() . PATH_SEPARATOR . PATH_WORKSPACE);
|
|
|
|
|
} else {
|
|
|
|
|
G::SendTemporalMessage('ID_NOT_WORKSPACE', "error");
|
|
|
|
|
G::header('location: /sys/' . SYS_LANG . '/' . SYS_SKIN . '/main/sysLogin?errno=2');
|
|
|
|
|
die;
|
2012-11-08 15:30:20 -04:00
|
|
|
}
|
2017-12-04 13:25:35 +00:00
|
|
|
} else { //when we are in global pages, outside any valid workspace
|
|
|
|
|
if (SYS_TARGET === 'newSite') {
|
|
|
|
|
$phpFile = G::ExpandPath('methods') . SYS_COLLECTION . "/" . SYS_TARGET . '.php';
|
|
|
|
|
$phpFile = $filter->validateInput($phpFile, 'path');
|
|
|
|
|
require_once($phpFile);
|
|
|
|
|
die();
|
|
|
|
|
} else {
|
|
|
|
|
if (SYS_TARGET == "dbInfo") { //Show dbInfo when no SYS_SYS
|
|
|
|
|
$pathFile = PATH_METHODS . 'login/dbInfo.php';
|
|
|
|
|
$pathFile = $filter->validateInput($pathFile, 'path');
|
|
|
|
|
require_once($pathFile);
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
|
|
if (substr(SYS_SKIN, 0,
|
|
|
|
|
2) === 'ux' && SYS_TARGET != 'sysLoginVerify') { // new ux sysLogin - extjs based form
|
|
|
|
|
$pathFile = $filter->validateInput(PATH_CONTROLLERS . 'main.php', 'path');
|
|
|
|
|
require_once $pathFile;
|
|
|
|
|
$controllerClass = 'Main';
|
|
|
|
|
$controllerAction = SYS_TARGET == 'sysLoginVerify' ? SYS_TARGET : 'sysLogin';
|
|
|
|
|
//if the method exists
|
|
|
|
|
if (is_callable(Array($controllerClass, $controllerAction))) {
|
|
|
|
|
$controller = new $controllerClass();
|
|
|
|
|
$controller->setHttpRequestData($_REQUEST);
|
|
|
|
|
$controller->call($controllerAction);
|
|
|
|
|
}
|
|
|
|
|
} else { // classic sysLogin interface
|
|
|
|
|
$pathFile = PATH_METHODS . 'login/sysLogin.php';
|
|
|
|
|
$pathFile = $filter->validateInput($pathFile, 'path');
|
|
|
|
|
require_once($pathFile);
|
|
|
|
|
die();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (DEBUG_TIME_LOG) {
|
|
|
|
|
G::logTimeByPage();
|
|
|
|
|
} //log this page
|
|
|
|
|
die();
|
2012-11-08 15:30:20 -04:00
|
|
|
}
|
2017-12-04 13:25:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// PM Paths DATA
|
|
|
|
|
define('PATH_DATA_SITE', PATH_DATA . 'sites/' . config("system.workspace") . '/');
|
|
|
|
|
define('PATH_DOCUMENT', PATH_DATA_SITE . 'files/');
|
|
|
|
|
define('PATH_DATA_MAILTEMPLATES', PATH_DATA_SITE . 'mailTemplates/');
|
|
|
|
|
define('PATH_DATA_PUBLIC', PATH_DATA_SITE . 'public/');
|
|
|
|
|
define('PATH_DATA_REPORTS', PATH_DATA_SITE . 'reports/');
|
|
|
|
|
define('PATH_DYNAFORM', PATH_DATA_SITE . 'xmlForms/');
|
|
|
|
|
define('PATH_IMAGES_ENVIRONMENT_FILES', PATH_DATA_SITE . 'usersFiles' . PATH_SEP);
|
|
|
|
|
define('PATH_IMAGES_ENVIRONMENT_USERS', PATH_DATA_SITE . 'usersPhotographies' . PATH_SEP);
|
|
|
|
|
define('SERVER_NAME', $_SERVER ['SERVER_NAME']);
|
|
|
|
|
define('SERVER_PORT', $_SERVER ['SERVER_PORT']);
|
|
|
|
|
|
|
|
|
|
// create memcached singleton
|
|
|
|
|
$memcache = PMmemcached::getSingleton(config("system.workspace"));
|
|
|
|
|
|
|
|
|
|
// verify configuration for rest service
|
|
|
|
|
if ($isRestRequest) {
|
|
|
|
|
// disable until confirm that rest is enabled & configured on rest-config.ini file
|
|
|
|
|
$isRestRequest = false;
|
|
|
|
|
$confFile = '';
|
|
|
|
|
$restApiClassPath = '';
|
|
|
|
|
|
|
|
|
|
// try load and getting rest configuration
|
|
|
|
|
if (file_exists(PATH_DATA_SITE . 'rest-config.ini')) {
|
|
|
|
|
$confFile = PATH_DATA_SITE . 'rest-config.ini';
|
|
|
|
|
$restApiClassPath = PATH_DATA_SITE;
|
|
|
|
|
} elseif (file_exists(PATH_CONFIG . 'rest-config.ini')) {
|
|
|
|
|
$confFile = PATH_CONFIG . 'rest-config.ini';
|
2012-11-20 17:48:54 -04:00
|
|
|
}
|
2017-12-04 13:25:35 +00:00
|
|
|
if (!empty($confFile) && $restConfig = @parse_ini_file($confFile, true)) {
|
|
|
|
|
if (array_key_exists('enable_service', $restConfig)) {
|
|
|
|
|
if ($restConfig['enable_service'] == 'true' || $restConfig['enable_service'] == '1') {
|
|
|
|
|
$isRestRequest = true; // rest service enabled
|
|
|
|
|
}
|
2012-11-08 15:30:20 -04:00
|
|
|
}
|
|
|
|
|
}
|
2017-12-04 13:25:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//here we are loading all plugins registered
|
|
|
|
|
//the singleton has a list of enabled plugins
|
|
|
|
|
$oPluginRegistry = PluginRegistry::loadSingleton();
|
|
|
|
|
|
|
|
|
|
// setup propel definitions and logging
|
|
|
|
|
require_once("propel/Propel.php");
|
|
|
|
|
require_once("creole/Creole.php");
|
|
|
|
|
|
|
|
|
|
if (defined('DEBUG_SQL_LOG') && DEBUG_SQL_LOG) {
|
|
|
|
|
define('PM_PID', mt_rand(1, 999999));
|
2012-11-08 18:06:09 -04:00
|
|
|
require_once 'Log.php';
|
2012-11-12 14:44:44 -04:00
|
|
|
|
2012-11-08 18:06:09 -04:00
|
|
|
// register debug connection decorator driver
|
2012-11-20 17:48:54 -04:00
|
|
|
Creole::registerDriver('*', 'creole.contrib.DebugConnection');
|
2012-11-12 14:44:44 -04:00
|
|
|
|
2012-11-08 15:30:20 -04:00
|
|
|
// initialize Propel with converted config file
|
2017-12-04 13:25:35 +00:00
|
|
|
Propel::init(PATH_CORE . "config/databases.php");
|
2012-11-12 14:44:44 -04:00
|
|
|
|
2012-11-08 15:30:20 -04:00
|
|
|
// unified log file for all databases
|
|
|
|
|
$logFile = PATH_DATA . 'log' . PATH_SEP . 'propel.log';
|
2017-10-10 12:33:25 -04:00
|
|
|
$logger = Log::singleton('file', $logFile, 'wf ' . config("system.workspace"), null, PEAR_LOG_INFO);
|
2012-11-20 17:48:54 -04:00
|
|
|
Propel::setLogger($logger);
|
2012-11-08 15:30:20 -04:00
|
|
|
// log file for workflow database
|
2012-11-20 17:48:54 -04:00
|
|
|
$con = Propel::getConnection('workflow');
|
2012-11-08 15:30:20 -04:00
|
|
|
if ($con instanceof DebugConnection) {
|
2017-12-04 13:25:35 +00:00
|
|
|
$con->setLogger($logger);
|
2012-11-08 15:30:20 -04:00
|
|
|
}
|
|
|
|
|
// log file for rbac database
|
2012-11-20 17:48:54 -04:00
|
|
|
$con = Propel::getConnection('rbac');
|
2012-11-12 14:44:44 -04:00
|
|
|
|
2012-11-08 15:30:20 -04:00
|
|
|
if ($con instanceof DebugConnection) {
|
2017-12-04 13:25:35 +00:00
|
|
|
$con->setLogger($logger);
|
2012-11-08 15:30:20 -04:00
|
|
|
}
|
2012-11-12 14:44:44 -04:00
|
|
|
|
2012-11-08 15:30:20 -04:00
|
|
|
// log file for report database
|
2012-11-20 17:48:54 -04:00
|
|
|
$con = Propel::getConnection('rp');
|
2012-11-08 15:30:20 -04:00
|
|
|
if ($con instanceof DebugConnection) {
|
2017-12-04 13:25:35 +00:00
|
|
|
$con->setLogger($logger);
|
2012-11-08 15:30:20 -04:00
|
|
|
}
|
2017-12-04 13:25:35 +00:00
|
|
|
} else {
|
|
|
|
|
Propel::init(PATH_CORE . "config/databases.php");
|
|
|
|
|
}
|
2012-11-08 15:30:20 -04:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
Creole::registerDriver('dbarray', 'creole.contrib.DBArrayConnection');
|
2012-11-08 15:30:20 -04:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
// Session Initializations
|
|
|
|
|
ini_set('session.auto_start', '1');
|
2012-11-08 15:30:20 -04:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
// The register_globals feature has been DEPRECATED as of PHP 5.3.0. default value Off.
|
|
|
|
|
// ini_set( 'register_globals', 'Off' );
|
|
|
|
|
//session_start();
|
|
|
|
|
ob_start();
|
2012-11-08 15:30:20 -04:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
// Rebuild the base Workflow translations if not exists
|
|
|
|
|
if (!is_file(PATH_LANGUAGECONT . 'translation.en')) {
|
|
|
|
|
require_once("classes/model/Translation.php");
|
2012-11-20 17:48:54 -04:00
|
|
|
$fields = Translation::generateFileTranslation('en');
|
2017-12-04 13:25:35 +00:00
|
|
|
}
|
2012-11-08 15:30:20 -04:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
// TODO: Verify if the language set into url is defined in translations env.
|
|
|
|
|
if (SYS_LANG != 'en' && !is_file(PATH_LANGUAGECONT . 'translation.' . SYS_LANG)) {
|
|
|
|
|
require_once("classes/model/Translation.php");
|
2012-11-20 17:48:54 -04:00
|
|
|
$fields = Translation::generateFileTranslation(SYS_LANG);
|
2017-12-04 13:25:35 +00:00
|
|
|
}
|
2012-11-08 15:30:20 -04:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
// Setup plugins
|
|
|
|
|
$oPluginRegistry->setupPlugins(); //get and setup enabled plugins
|
|
|
|
|
$avoidChangedWorkspaceValidation = false;
|
2012-11-08 15:30:20 -04:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
// Load custom Classes and Model from Plugins.
|
|
|
|
|
G::LoadAllPluginModelClasses();
|
2012-11-08 15:30:20 -04:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
// jump to php file in methods directory
|
|
|
|
|
$collectionPlugin = '';
|
|
|
|
|
if ($oPluginRegistry->isRegisteredFolder(SYS_COLLECTION)) {
|
|
|
|
|
$phpFile = PATH_PLUGINS . SYS_COLLECTION . PATH_SEP . SYS_TARGET . '.php';
|
|
|
|
|
$targetPlugin = explode('/', SYS_TARGET);
|
2012-11-08 15:30:20 -04:00
|
|
|
$collectionPlugin = $targetPlugin[0];
|
|
|
|
|
$avoidChangedWorkspaceValidation = true;
|
2017-12-04 13:25:35 +00:00
|
|
|
} else {
|
|
|
|
|
$phpFile = G::ExpandPath('methods') . SYS_COLLECTION . PATH_SEP . SYS_TARGET . '.php';
|
|
|
|
|
}
|
2012-11-08 15:30:20 -04:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
// services is a special folder,
|
|
|
|
|
if (SYS_COLLECTION == 'services') {
|
2012-11-08 15:30:20 -04:00
|
|
|
$avoidChangedWorkspaceValidation = true;
|
2017-12-04 13:25:35 +00:00
|
|
|
$targetPlugin = explode('/', SYS_TARGET);
|
2012-11-12 14:44:44 -04:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
if ($targetPlugin[0] == 'webdav') {
|
|
|
|
|
$phpFile = G::ExpandPath('methods') . SYS_COLLECTION . PATH_SEP . 'webdav.php';
|
2012-11-08 15:30:20 -04:00
|
|
|
}
|
2017-12-04 13:25:35 +00:00
|
|
|
}
|
2012-11-08 15:30:20 -04:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
if (SYS_COLLECTION == 'login' && SYS_TARGET == 'login') {
|
2012-11-08 15:30:20 -04:00
|
|
|
$avoidChangedWorkspaceValidation = true;
|
2017-12-04 13:25:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//the index.php file, this new feature will allow automatically redirects to valid php file inside any methods folder
|
|
|
|
|
/* DEPRECATED
|
|
|
|
|
if ( SYS_TARGET == '' ) {
|
|
|
|
|
$phpFile = str_replace ( '.php', 'index.php', $phpFile );
|
|
|
|
|
$phpFile = include ( $phpFile );
|
|
|
|
|
}*/
|
|
|
|
|
$bWE = false;
|
|
|
|
|
$isControllerCall = false;
|
|
|
|
|
if (substr(SYS_COLLECTION, 0, 8) === 'gulliver') {
|
|
|
|
|
$phpFile = PATH_GULLIVER_HOME . 'methods/' . substr(SYS_COLLECTION, 8) . SYS_TARGET . '.php';
|
|
|
|
|
} else {
|
2012-11-08 15:30:20 -04:00
|
|
|
//when the file is part of the public directory of any PROCESS, this a ProcessMaker feature
|
2012-11-20 17:48:54 -04:00
|
|
|
if (preg_match('/^[0-9][[:alnum:]]+$/', SYS_COLLECTION) == 1) { //the pattern is /sysSYS/LANG/SKIN/PRO_UID/file
|
2017-12-04 13:25:35 +00:00
|
|
|
$auxPart = explode('/', $_SERVER['REQUEST_URI']);
|
|
|
|
|
$aAux = explode('?', $auxPart[count($auxPart) - 1]);
|
|
|
|
|
//$extPart = explode ( '.' , $auxPart[ count($auxPart)-1] );
|
|
|
|
|
$extPart = explode('.', $aAux[0]);
|
|
|
|
|
$queryPart = isset($aAux[1]) ? $aAux[1] : "";
|
|
|
|
|
$extension = $extPart[count($extPart) - 1];
|
|
|
|
|
$phpFile = PATH_DATA_SITE . 'public' . PATH_SEP . SYS_COLLECTION . PATH_SEP . urldecode($auxPart[count($auxPart) - 1]);
|
|
|
|
|
$aAux = explode('?', $phpFile);
|
|
|
|
|
$phpFile = $aAux[0];
|
|
|
|
|
|
|
|
|
|
if ($extension != 'php') {
|
|
|
|
|
G::streamFile($phpFile);
|
|
|
|
|
die;
|
|
|
|
|
}
|
2012-11-12 14:44:44 -04:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
$avoidChangedWorkspaceValidation = true;
|
|
|
|
|
$bWE = true;
|
|
|
|
|
//$phpFile = PATH_DATA_SITE . 'public' . PATH_SEP . SYS_COLLECTION . PATH_SEP . $auxPart[ count($auxPart)-1];
|
2012-11-08 15:30:20 -04:00
|
|
|
}
|
2012-11-12 14:44:44 -04:00
|
|
|
|
2012-11-08 15:30:20 -04:00
|
|
|
//erik: verify if it is a Controller Class or httpProxyController Class
|
2012-11-20 17:48:54 -04:00
|
|
|
if (is_file(PATH_CONTROLLERS . SYS_COLLECTION . '.php')) {
|
2017-12-04 13:25:35 +00:00
|
|
|
$pathFile = $filter->validateInput(PATH_CONTROLLERS . SYS_COLLECTION . '.php', 'path');
|
|
|
|
|
require_once $pathFile;
|
|
|
|
|
$controllerClass = SYS_COLLECTION;
|
|
|
|
|
//if the method name is empty set default to index method
|
|
|
|
|
$controllerAction = SYS_TARGET != '' ? SYS_TARGET : 'index';
|
|
|
|
|
//if the method exists
|
|
|
|
|
if (is_callable(Array($controllerClass, $controllerAction))) {
|
|
|
|
|
$isControllerCall = true;
|
|
|
|
|
}
|
2012-11-08 15:30:20 -04:00
|
|
|
}
|
2012-11-20 17:48:54 -04:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
if (!$isControllerCall && !file_exists($phpFile) && !$isRestRequest) {
|
|
|
|
|
$_SESSION['phpFileNotFound'] = $_SERVER['REQUEST_URI'];
|
|
|
|
|
header("location: /errors/error404.php?url=" . urlencode($_SERVER['REQUEST_URI']));
|
|
|
|
|
die;
|
2012-11-08 15:30:20 -04:00
|
|
|
}
|
2017-12-04 13:25:35 +00:00
|
|
|
}
|
2012-11-08 15:30:20 -04:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
//redirect to login, if user changed the workspace in the URL
|
|
|
|
|
if (!$avoidChangedWorkspaceValidation && isset($_SESSION['WORKSPACE']) && $_SESSION['WORKSPACE'] != config("system.workspace")) {
|
2017-10-10 12:33:25 -04:00
|
|
|
$_SESSION['WORKSPACE'] = config("system.workspace");
|
2017-12-04 13:25:35 +00:00
|
|
|
G::SendTemporalMessage('ID_USER_HAVENT_RIGHTS_SYSTEM', "error");
|
2012-11-08 15:30:20 -04:00
|
|
|
// verify if the current skin is a 'ux' variant
|
2012-11-20 17:48:54 -04:00
|
|
|
$urlPart = substr(SYS_SKIN, 0, 2) == 'ux' && SYS_SKIN != 'uxs' ? '/main/login' : '/login/login';
|
2012-11-12 14:44:44 -04:00
|
|
|
|
2017-10-10 12:33:25 -04:00
|
|
|
header('Location: /sys' . config("system.workspace") . '/' . SYS_LANG . '/' . SYS_SKIN . $urlPart);
|
2012-11-20 17:48:54 -04:00
|
|
|
die;
|
2017-12-04 13:25:35 +00:00
|
|
|
}
|
2012-11-08 18:06:09 -04:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
// enable rbac
|
|
|
|
|
$RBAC = RBAC::getSingleton(PATH_DATA, session_id());
|
|
|
|
|
$RBAC->sSystem = 'PROCESSMAKER';
|
2012-11-08 18:06:09 -04:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
// define and send Headers for all pages
|
|
|
|
|
if (!defined('EXECUTE_BY_CRON')) {
|
|
|
|
|
header("Expires: " . gmdate("D, d M Y H:i:s", mktime(0, 0, 0, date('m'), date('d') - 1, date('Y'))) . " GMT");
|
2012-11-20 17:48:54 -04:00
|
|
|
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
|
|
|
|
|
header("Cache-Control: no-store, no-cache, must-revalidate");
|
|
|
|
|
header("Cache-Control: post-check=0, pre-check=0", false);
|
|
|
|
|
header("Pragma: no-cache");
|
2012-11-12 14:44:44 -04:00
|
|
|
|
2012-11-08 15:30:20 -04:00
|
|
|
// get the language direction from ServerConf
|
2017-12-04 13:25:35 +00:00
|
|
|
define('SYS_LANG_DIRECTION', $oServerConf->getLanDirection());
|
|
|
|
|
|
|
|
|
|
if ((isset($_SESSION['USER_LOGGED'])) && (!(isset($_GET['sid'])))) {
|
|
|
|
|
if (PHP_VERSION < 5.2) {
|
|
|
|
|
setcookie(session_name(), session_id(), time() + $timelife, '/', '; HttpOnly');
|
|
|
|
|
} else {
|
|
|
|
|
setcookie(session_name(), session_id(), time() + $timelife, '/', null, false, true);
|
|
|
|
|
}
|
|
|
|
|
$RBAC->initRBAC();
|
|
|
|
|
//using optimization with memcache, the user data will be in memcache 8 hours, or until session id goes invalid
|
|
|
|
|
$memKey = 'rbacSession' . session_id();
|
|
|
|
|
if (($RBAC->aUserInfo = $memcache->get($memKey)) === false) {
|
|
|
|
|
$RBAC->loadUserRolePermission($RBAC->sSystem, $_SESSION['USER_LOGGED']);
|
|
|
|
|
$memcache->set($memKey, $RBAC->aUserInfo, PMmemcached::EIGHT_HOURS);
|
2012-11-08 15:30:20 -04:00
|
|
|
}
|
2017-12-04 13:25:35 +00:00
|
|
|
} else {
|
|
|
|
|
// this is the blank list to allow execute scripts with no login (without session started)
|
|
|
|
|
$noLoginFiles = $noLoginFolders = [];
|
|
|
|
|
$noLoginFiles[] = 'login';
|
|
|
|
|
$noLoginFiles[] = 'authentication';
|
|
|
|
|
$noLoginFiles[] = 'login_Ajax';
|
|
|
|
|
$noLoginFiles[] = 'dbInfo';
|
|
|
|
|
$noLoginFiles[] = 'sysLoginVerify';
|
|
|
|
|
$noLoginFiles[] = 'processes_Ajax';
|
|
|
|
|
$noLoginFiles[] = 'showLogoFile';
|
|
|
|
|
$noLoginFiles[] = 'forgotPassword';
|
|
|
|
|
$noLoginFiles[] = 'retrivePassword';
|
|
|
|
|
$noLoginFiles[] = 'genericAjax';
|
|
|
|
|
|
|
|
|
|
$noLoginFolders[] = 'services';
|
|
|
|
|
$noLoginFolders[] = 'tracker';
|
|
|
|
|
$noLoginFolders[] = 'installer';
|
|
|
|
|
|
|
|
|
|
// This sentence is used when you lost the Session
|
|
|
|
|
if (!in_array(SYS_TARGET, $noLoginFiles)
|
|
|
|
|
&& !in_array(SYS_COLLECTION, $noLoginFolders)
|
|
|
|
|
&& $bWE != true && $collectionPlugin != 'services'
|
|
|
|
|
&& !$isRestRequest
|
|
|
|
|
) {
|
|
|
|
|
$bRedirect = true;
|
|
|
|
|
|
|
|
|
|
if (isset($_GET['sid'])) {
|
|
|
|
|
$oSessions = new Sessions();
|
|
|
|
|
if ($aSession = $oSessions->verifySession($_GET['sid'])) {
|
|
|
|
|
require_once 'classes/model/Users.php';
|
|
|
|
|
$oUser = new Users();
|
|
|
|
|
$aUser = $oUser->load($aSession['USR_UID']);
|
|
|
|
|
initUserSession($aUser['USR_UID'], $aUser['USR_USERNAME']);
|
|
|
|
|
$bRedirect = false;
|
|
|
|
|
if (PHP_VERSION < 5.2) {
|
|
|
|
|
setcookie(session_name(), session_id(), time() + $timelife, '/', '; HttpOnly');
|
|
|
|
|
} else {
|
|
|
|
|
setcookie(session_name(), session_id(), time() + $timelife, '/', null, false, true);
|
|
|
|
|
}
|
|
|
|
|
$RBAC->initRBAC();
|
|
|
|
|
$RBAC->loadUserRolePermission($RBAC->sSystem, $_SESSION['USER_LOGGED']);
|
|
|
|
|
$memKey = 'rbacSession' . session_id();
|
|
|
|
|
$memcache->set($memKey, $RBAC->aUserInfo, PMmemcached::EIGHT_HOURS);
|
|
|
|
|
}
|
|
|
|
|
}
|
2012-11-12 14:44:44 -04:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
if ((isset($_SESSION['USER_LOGGED'])) && (!(isset($_GET['sid'])))) {
|
|
|
|
|
if (PHP_VERSION < 5.2) {
|
|
|
|
|
setcookie(session_name(), session_id(), time() + $timelife, '/', '; HttpOnly');
|
|
|
|
|
} else {
|
|
|
|
|
setcookie(session_name(), session_id(), time() + $timelife, '/', null, false, true);
|
|
|
|
|
}
|
|
|
|
|
$RBAC->initRBAC();
|
|
|
|
|
//using optimization with memcache, the user data will be in memcache 8 hours, or until session id goes invalid
|
|
|
|
|
$memKey = 'rbacSession' . session_id();
|
|
|
|
|
if (($RBAC->aUserInfo = $memcache->get($memKey)) === false) {
|
|
|
|
|
$RBAC->loadUserRolePermission($RBAC->sSystem, $_SESSION['USER_LOGGED']);
|
|
|
|
|
$memcache->set($memKey, $RBAC->aUserInfo, PMmemcached::EIGHT_HOURS);
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
// this is the blank list to allow execute scripts with no login (without session started)
|
|
|
|
|
$noLoginFiles = $noLoginFolders = [];
|
|
|
|
|
$noLoginFiles[] = 'login';
|
|
|
|
|
$noLoginFiles[] = 'authentication';
|
|
|
|
|
$noLoginFiles[] = 'login_Ajax';
|
|
|
|
|
$noLoginFiles[] = 'dbInfo';
|
|
|
|
|
$noLoginFiles[] = 'sysLoginVerify';
|
|
|
|
|
$noLoginFiles[] = 'processes_Ajax';
|
|
|
|
|
$noLoginFiles[] = 'showLogoFile';
|
|
|
|
|
$noLoginFiles[] = 'forgotPassword';
|
|
|
|
|
$noLoginFiles[] = 'retrivePassword';
|
|
|
|
|
$noLoginFiles[] = 'genericAjax';
|
|
|
|
|
|
|
|
|
|
$noLoginFolders[] = 'services';
|
|
|
|
|
$noLoginFolders[] = 'tracker';
|
|
|
|
|
$noLoginFolders[] = 'installer';
|
|
|
|
|
|
|
|
|
|
// This sentence is used when you lost the Session
|
|
|
|
|
if (!in_array(SYS_TARGET, $noLoginFiles)
|
|
|
|
|
&& !in_array(SYS_COLLECTION, $noLoginFolders)
|
|
|
|
|
&& $bWE != true && $collectionPlugin != 'services'
|
|
|
|
|
&& !$isRestRequest
|
|
|
|
|
) {
|
|
|
|
|
$bRedirect = true;
|
|
|
|
|
|
|
|
|
|
if (isset($_GET['sid'])) {
|
|
|
|
|
$oSessions = new Sessions();
|
|
|
|
|
if ($aSession = $oSessions->verifySession($_GET['sid'])) {
|
|
|
|
|
require_once 'classes/model/Users.php';
|
|
|
|
|
$oUser = new Users();
|
|
|
|
|
$aUser = $oUser->load($aSession['USR_UID']);
|
|
|
|
|
$_SESSION['USER_LOGGED'] = $aUser['USR_UID'];
|
|
|
|
|
$_SESSION['USR_USERNAME'] = $aUser['USR_USERNAME'];
|
|
|
|
|
$bRedirect = false;
|
|
|
|
|
if (PHP_VERSION < 5.2) {
|
|
|
|
|
setcookie(session_name(), session_id(), time() + $timelife, '/', '; HttpOnly');
|
|
|
|
|
} else {
|
|
|
|
|
setcookie(session_name(), session_id(), time() + $timelife, '/', null, false, true);
|
|
|
|
|
}
|
|
|
|
|
$RBAC->initRBAC();
|
|
|
|
|
$RBAC->loadUserRolePermission($RBAC->sSystem, $_SESSION['USER_LOGGED']);
|
|
|
|
|
$memKey = 'rbacSession' . session_id();
|
|
|
|
|
$memcache->set($memKey, $RBAC->aUserInfo, PMmemcached::EIGHT_HOURS);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($bRedirect) {
|
|
|
|
|
if (substr(SYS_SKIN, 0,
|
|
|
|
|
2) == 'ux' && SYS_SKIN != 'uxs'
|
|
|
|
|
) { // verify if the current skin is a 'ux' variant
|
|
|
|
|
$loginUrl = 'main/login';
|
|
|
|
|
} else {
|
|
|
|
|
if (strpos($_SERVER['REQUEST_URI'],
|
|
|
|
|
'/home') !== false
|
|
|
|
|
) { //verify is it is using the uxs skin for simplified interface
|
|
|
|
|
$loginUrl = 'home/login';
|
|
|
|
|
} else {
|
|
|
|
|
$loginUrl = 'login/login'; // just set up the classic login
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (empty($_POST)) {
|
|
|
|
|
header('location: ' . SYS_URI . $loginUrl . '?u=' . urlencode($_SERVER['REQUEST_URI']));
|
|
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
if ($isControllerCall) {
|
|
|
|
|
header("HTTP/1.0 302 session lost in controller");
|
|
|
|
|
} else {
|
|
|
|
|
header('location: ' . SYS_URI . $loginUrl);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
die();
|
|
|
|
|
}
|
|
|
|
|
}
|
2012-11-20 17:48:54 -04:00
|
|
|
}
|
2017-12-04 13:25:35 +00:00
|
|
|
$_SESSION['phpLastFileFound'] = $_SERVER['REQUEST_URI'];
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* New feature for Gulliver framework to support Controllers & HttpProxyController classes handling
|
|
|
|
|
*
|
|
|
|
|
* @author Erik Amaru Ortiz <erik@colosa.com, aortiz.erik@gmail.com>
|
|
|
|
|
*/
|
|
|
|
|
if ($isControllerCall) { //Instance the Controller object and call the request method
|
|
|
|
|
$controller = new $controllerClass();
|
|
|
|
|
$controller->setHttpRequestData($_REQUEST);
|
|
|
|
|
$controller->call($controllerAction);
|
|
|
|
|
} elseif ($isRestRequest) {
|
|
|
|
|
G::dispatchRestService(SYS_TARGET, $restConfig, $restApiClassPath);
|
|
|
|
|
} else {
|
|
|
|
|
require_once $filter->validateInput($phpFile, 'path');
|
2012-11-08 15:30:20 -04:00
|
|
|
}
|
2012-11-12 14:44:44 -04:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
if (defined('SKIP_HEADERS')) {
|
|
|
|
|
header("Expires: " . gmdate("D, d M Y H:i:s",
|
|
|
|
|
mktime(0, 0, 0, date('m'), date('d'), date('Y') + 1)) . " GMT");
|
|
|
|
|
header('Cache-Control: public');
|
|
|
|
|
header('Pragma: ');
|
|
|
|
|
}
|
2012-11-12 14:44:44 -04:00
|
|
|
|
2017-12-04 13:25:35 +00:00
|
|
|
ob_end_flush();
|
|
|
|
|
if (DEBUG_TIME_LOG) {
|
|
|
|
|
G::logTimeByPage(); //log this page
|
|
|
|
|
}
|
|
|
|
|
}
|
2012-11-08 15:30:20 -04:00
|
|
|
}
|
2017-12-04 13:25:35 +00:00
|
|
|
}
|
